Splunk Search

Community Activity

Search terms are case sensitive or case insensitive. Search terms are case sensitive or case insensitive? (components of search language)? For me, the answer is case sen... by palisetty Communicator in Splunk Search 01-01-2020 0 9	0	9
categorize or classify dissimilar field values at search time? The goal is to generate a new field "Category" and assign it an arbitrary value (e.g. "Error") depending on which reg... by mitag Contributor in Splunk Search 12-31-2019 0 4	0	4
Correlating two alerts question I have the following 2 alerts and need to correlate them. The first one is looks for an OS reboot. The second one l... by sbgoldberg13 Explorer in Splunk Search 12-31-2019 0 5	0	5
Why is the Splunk Enterprise 'WGet' link so slow? I'm trying to automate the deployment of the Heavy Forwarder, as part of that i'm automatically fetching the Splunk H... by patrick112 New Member in Splunk Search 12-31-2019 0 0	0	0
Create more efficient "IF"statement that looks at the last 30 days \| eval nessus = if(like(nessus, "%2019") AND relative_time(now(), "-30d@d") < strptime(nessus,"%m/%d/%Y"), 1, 0) Ab... by UMDTERPS Communicator in Splunk Search 12-31-2019 0 2	0	2
Systemd support with Splunk does not work on SLES When we set up Splunk to start under systemd it prompts us recursively for the root password even we're running Splun... by dchoi_splunk Splunk Employee in Splunk Search 12-31-2019 0 5	0	5
Is max_searches_per_cpu at 6 a good set-up? On our primary search head max_searches_per_cpu is set to 6. I wonder if it’s a good effective set-up. Where can I fi... by danielbb Motivator in Splunk Search 12-31-2019 0 7	0	7
How to group events by time after using timechart span? I'm using the following search with timechart span=1h to show how many events appear by the day and hour: \|inputlook... by russell120 Communicator in Splunk Search 12-31-2019 0 7	0	7
How to assign a custom scoring scale based on device type? (eval related) Hello, Currently we have a scoring for our systems that counts each server, router, switch, firewall, workstation, e... by UMDTERPS Communicator in Splunk Search 12-31-2019 0 8	0	8
How to find out who deleted savedsearches We found there were some savedsearches deleted for some reasons. Is it a way to find out who deleted the savedsearch... by lucas4394 Path Finder in Splunk Search 12-31-2019 0 2	0	2
Splunk fetching node as jenkins master, instead of actual slave for pipeline job builds. why? I am using jenkins's splunk plugin version 1.6.3(latest). I have configured no executor in master, so no possibility ... by rakesh635 Engager in Splunk Search 12-31-2019 3 14	3	14
Show me all events where field value not present? Greetings good people, i may be over thinking things or didn't get enough sleep. I need to return results where a fi... by yepyepyayyooo New Member in Splunk Search 12-30-2019 0 6	0	6
Copy a row in a table Hi, I am trying to conditionally add records to my table with a slight modification to the data. for example Date ... by komalg New Member in Splunk Search 12-30-2019 0 3	0	3
Regex help to extract from json Need help to extract the Phone number callForwardSelectiveDetails\":{\"description\":\"New Years Temp\",\"action\":f... by yograjpatel New Member in Splunk Search 12-30-2019 0 9	0	9
Timechart does not work correctly with another user I created several objects with my local splunk user and everything is working as expected. I need to share all items ... by sergeimartao Explorer in Splunk Search 12-30-2019 0 3	0	3
Why does count and dc behave differently? I have written the query index="main" host="web_application" \| stats count by status The result is: status c... by palisetty Communicator in Splunk Search 12-30-2019 0 1	0	1
How to sort a table by a time field in text format Hello, Here's the problem. Dashboard - Time picker is used to select a date range. But this date range is not check... by genesiusj Builder in Splunk Search 12-30-2019 0 2	0	2
What is the best way to count numbers of recipients in stanza? I have a recipient field containing a list of recipient delimited by a comma. What is the best way to calculate the t... by lucas4394 Path Finder in Splunk Search 12-30-2019 0 1	0	1
Need help using Tstats getting count of a string in raw logs I want to show the count of logs where a string appeared I have a string and need to know how many times it appears... by aamer86 Path Finder in Splunk Search 12-30-2019 0 15	0	15
How to add zeros to table when data is not found Hello, Have a question for the community: I have a table that looks like this: ADate Type 2019-12... by komalg New Member in Splunk Search 12-30-2019 0 2	0	2
How to write a search with the condition "if field1 NOT LIKE field2"? Hello, I am aware of the following search syntax field1 = something field1 = field2 field1 != field2 But I wis... by karthikmalla Explorer in Splunk Search 12-30-2019 0 8	0	8
expect value Hi I have log file like this: 09:04:04.042 module1: F[6]L: IN 09:04:01.417 module1: F[6]L: OUT 09:04:01.418 module... by indeed_2000 Motivator in Splunk Search 12-30-2019 0 7	0	7
Which fields correspond these metrics, count and percent? I have two fields on the event list. I have used Top command for that, I have got two fields and count and percent. ... by palisetty Communicator in Splunk Search 12-30-2019 0 1	0	1
How to co-relate data from multiple sourcetypes? I have data in three source types to co-relate. Time and a unique identifier number are common for all three sourcety... by ahmadshakir1952 Explorer in Splunk Search 12-29-2019 0 1	0	1
Index appearing in Interesting fields Why is that Index field doesn't appear in Selected Fields? It is appearing in interesting fields. index="homework_hos... by palisetty Communicator in Splunk Search 12-29-2019 0 3	0	3